Hacker News new | past | comments | ask | show | jobs | submit login

Of course, you do now have to trust LastPass! I do, and it's fantastic the difference it makes in these situations. No sick feeling in your stomach, no rush to change passwords everywhere, a few clicks and the problem is solved. Extra credit: use their security challenge to verify you're not using the same password on more than one website: https://lastpass.com/?securitychallenge



I've been looking at switching to a password manager like that, but I've been having trouble knowing how to pick one that a) I can trust and b) is good. I was thinking of giving up and just using a plain text file inside a truecrypt file.


I can't really help you with a, that's largely dependent on you. Whether it meets requirement b depends on how you're going to be using it, really. My use case is mostly websites, in Firefox and Chrome, and occasionally on my Android phone. I wanted the UI to integrate nicely with the browser, to be able to store other passwords besides, for the architecture to be secure (passwords are always encrypted with your master password before going to their servers, and your password is never transmitted to them), for it to have two-factor authentication, to sync automatically, and for it to have a website backup for access without the extension.

LastPass fit all these, but it might not fit your usage requirements. However, I would urge you to investigate it and all other options (KeePass seems popular, as are some other Firefox extensions) if you don't currently have a good password solution, as any of these is better than using the same password multiple places.


KeePass. Using KeePass 1 format means I can run my password crypt on Windows, OS X, and Linux. I just keep the database file on Dropbox.


A lot of people seem to do this, so I'm curious - what are the advantages compared to e.g. LastPass? Also, how well does it hold up if you used two devices simultaneously?


KeePass writes out a lock file, so the other instances will warn you and you can tell them to open the database as read-only.

Advantages? I guess I should try out LastPass. Free or $1/month premium is a good price.


Cool. I always saw this as a limitation but honestly it's very, very rare that I need simultaneous write - just simultaneous read. I will start recommending KeePass + Dropbox to those who don't trust LastPass. What's KeePass's browser integration like?


>Of course, you do now have to trust LastPass!

PassPack doesn't have this issue. Even they can't read your passwords.


Neither can LastPass. All your data is encrypted before it's sent to their servers. It's only decrypted client-side.


Right, but you have to take their word for that (not exclusive to LastPass, goes for any service like this). So ultimately, you still have to trust them.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: